EP1753202A1 - Décodage de paquets de données - Google Patents
Décodage de paquets de données Download PDFInfo
- Publication number
- EP1753202A1 EP1753202A1 EP06270070A EP06270070A EP1753202A1 EP 1753202 A1 EP1753202 A1 EP 1753202A1 EP 06270070 A EP06270070 A EP 06270070A EP 06270070 A EP06270070 A EP 06270070A EP 1753202 A1 EP1753202 A1 EP 1753202A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- decoder
- instructions
- fields
- decoding
- protocol specification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 claims abstract description 13
- 238000012545 processing Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 4
- 230000011664 signaling Effects 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000013459 approach Methods 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 238000012805 post-processing Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/03—Protocol definition or specification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/12—Protocol engines
Definitions
- This invention relates to decoding data packets in a telecommunications network, specifically, though not exclusively, for generating decoding instructions to be used for the decoding of data packets from a telecommunications network.
- PSTNs Public Switched Telephone Networks
- PLMNs Public Land Mobile Networks
- a bearer or transmission network for carrying end-user voice and data traffic
- PLMNs Public Land Mobile Networks
- signalling network for controlling the setup and release of bearer channels through the bearer network in accordance with control signals transferred through the signalling network (sometimes known as out-of-band signalling).
- signalling traffic needs to be monitored for billing and fraud detection purposes.
- a system monitoring for "denial of service" attacks may need to perform a packet inspection to detect the signature of an attack.
- an Operation Support System (OSS) monitoring Service Level Agreements (SLAs) needs to distinguish between different packet flows.
- a network analyzer probing for erroneous behaviour may need to examine, in detail, selected packets.
- An OSPF (Open-Shortest-Path-First) based topology discovery component may need to examine specific routing information within packets.
- the packets flowing through the network may be formatted according to a number of different protocols.
- Each packet is formed of a sequence of bits, the sequence being divided into fields.
- the fields may be further divided in a hierarchical fashion into sub-fields.
- field will be used hereinafter, it will be appreciated that it is intended to include “subfields” within this term.
- the packets In order to monitor the packets, the packets must be decoded, at least to ascertain their hierarchical structure, with the decoding being dependent on the particular protocol in which the packet has been formatted.
- Each protocol is defined by a protocol specification, which is, of course, known.
- a decoder that decodes packets formatted in one or more particular protocols of interest, the decoding operation being specified based on the protocol specifications of the protocols of interest.
- a single (very complicated) decoder may be provided to decode all the packets.
- decoders are provided just for particular protocols of interest.
- the operations necessary for the decoding are derived from the protocol specification. These operations can be compiled manually, or by using a specialized protocol compiler for those cases where the protocol is specified formally. It will be apparent that if tens, or even hundreds, of different protocol specifications have to be supported, it can be quite complicated to produce the decoder.
- the decoded data from the packets is provided to an application processor to carry out data processing on the data.
- an application processor only needs to carry out processing on a small proportion of the data, i.e. the data from only a few fields from only packets of a particular protocol, then decoding of the whole of all of the packets prior to the application processing is highly inefficient.
- the post-processing approach where operations are executed after the entire packet has been decoded, is often inefficient.
- a packet decoder might only require access to a small number of fields within the packet, and the work required to decode the other fields can be viewed as wasted effort.
- the packet decoder may often perform additional checks on the packet to assess its suitability for further processing. It is preferable to execute such code as early as possible to allow the packet decoder to reject packets that are of no interest.
- the post-processing approach is typically all that is available when some protocol compilers are used, for example a traditional ASN. 1 compiler. This inefficiency can be offset to some extent using filtering, i.e. performing a pre-processing pass to "weed out" at least some of the packets for which there is no interest. Nevertheless, for a complex protocol a lot more work may still need to be performed than is really necessary.
- an apparatus for generating decoding instructions for a decoder for decoding data packets from a telecommunications network, each of the data packets having a plurality of fields formatted in a predetermined protocol defined by a protocol specification comprising an input, an instruction generator and an output, the instruction generator receiving an enhanced protocol specification having the protocol specification and application operations attached thereto, wherein the instruction generator analyzes the enhanced protocol specification to determine which fields in a data packet formatted in the corresponding protocol are required in order to enable the application operations to be executed and generates instructions for controlling the decoder to decode the required fields and to execute the application operations.
- the required fields include a first type of field that are specified by the application operations and a second type of field that are needed in order to provide information about the first type of field and the instruction generator generates instructions for controlling the decoder to decode the first type and the second type of fields.
- the instruction generator may generate instructions for controlling the decoder to decode only the required fields.
- the instruction generator may interleave the instructions for controlling the decoder to decode required fields and the instructions for controlling the decoder to execute application operations.
- the invention provides a decoding system for decoding data packets from a telecommunications network, each of the data packets having a plurality of fields formatted in a predetermined protocol defined by a protocol specification, the decoding system comprising a decoder and an apparatus according to any preceding claim, the decoder comprising a first input for receiving the decoding instructions, directly or indirectly, from the apparatus, a second input for receiving data packets from the telecommunications network, a decoding module and an output, the decoding module decoding the data packets from the second input according to the decoding instructions received at the first input and providing data from the decoded data packets at the output.
- the decoding system may further comprise a compiler having an input coupled to the output of the apparatus and an output coupled to the input of the decoder for compiling the decoding instructions from the apparatus into a format suitable for the decoder.
- the invention provides a method of generating decoding instructions for a decoder for decoding data packets from a telecommunications network, each of the data packets having a plurality of fields formatted in a predetermined protocol defined by a protocol specification, the method comprising the steps of receiving an enhanced protocol specification having the protocol specification and application operations attached thereto, analyzing the enhanced protocol specification to determine which fields in a data packet formatted in the corresponding protocol are required in order to enable the application operations to be executed, and generating instructions for controlling the decoder to decode the required fields and to execute the application operations.
- the required fields include a first type of field that are specified by the application operations and a second type of field that are needed in order to provide information about the first type of field and the instruction generator generates instructions for controlling the decoder to decode the first type and the second type of fields.
- the step of generating instructions may comprise generating instructions for controlling the decoder to decode only the required fields.
- the step of generating instructions may comprise interleaving the instructions for controlling the decoder to decode required fields and the instructions for controlling the decoder to execute application operations.
- Figure 1 is a diagram showing an example packet structure as known in the art.
- a packet 100 formed of a bit sequence 101, divided into several fields, e.g. Field X 102, and Field Y 103, where one or more of the fields may be subdivided into subfields.
- Field X 102 is shown as subdivided into subfield a 104 and subfield b 105
- Field Y 103 is shown as subdivided into subfield c 106 and subfield d 107.
- Field lengths 109, 110, 111, 112 as well as bit offsets 113, 114, and 115 are also shown.
- a field 102 or 103 or a subfield 104 to 107 might start on an arbitrary bit alignment boundary, and have a length consisting of an arbitrary, and variable, number of bits. Therefore, in general, a field 102, 103 has to be represented by a starting address, a bit offset into the byte starting at this address, and the total number of bits. Although some or all of this information may be predetermined and defined in the protocol specification, in some cases, some of the information, such as the bit offset and the field (or subfield) length, may be provided as information encoded within a previous field or subfield, again as may be defined in the protocol specification.
- the purpose of decoding the data packets is to enable data processing applications to process the data from the data packets to analyse the operation of the telecommunication network to help optimise various aspects of its management.
- the particular data that is actually required from the data packets may be a relatively small part of the overall data packet, so that decoding the entire data packet prior to carrying out the data processing would be rather inefficient.
- the protocol specification is enhanced by the addition of one or more operations which are taken from the data processing application that would, conventionally, have been provided after the decoding operation.
- the protocol specification can be enhanced by the addition of an operation that would instruct the decoder to carry out the frequency summing operation.
- These operations contain metavariables that refer to fields, which would need to be previously decoded in order to allow the operation to proceed.
- an enhanced protocol specification 300 includes definitions of the field structure, showing the fields Field X 301, and Field Y 302 in the left hand column and the structure of these fields in the right hand column.
- Field X 301 is defined by subfield a 306 and subfield b 307
- Field Y 302 is defined by subfield c 308 and subfield d 309. These are defined in the protocol specification.
- an operation 320 is also defined. In this case, the operation 320 is shown between subfield c 308 and subfield d 309 and includes a particular operational command 323, which needs to be carried out on metavariables $X.b 321 and $c 322.
- metavariable $X.b 321 refers to subfield b 307 within field X 301 and metavariable $c refers to subfield c 308. Since the operation 320 is embedded between subfields c and d, it can refer directly to subfield c, but can only refer to subfield b as part of the hierarchy of field X. Thus, as soon as field X 301 and subfield c 308 have been decoded, the operation 320 can be carried out. Although, of course, the operation 320 could be carried out later, there is no need to do so since it only requires field X 301 and subfield c 308.
- FIG. 3 shows one embodiment of an apparatus for generating decoding instructions to be used for the decoding of data packets from a telecommunications network.
- An enhanced protocol specification 250 is provided, for example as a text file, at an input 251 to an instruction generator 200.
- the instruction generator includes an input handler 240, an instruction engine 215 and an output handler 220.
- the instruction engine 215 is formed by a memory 230 and an instruction processor 210.
- the enhanced protocol specification 250 is passed from the input 251 to the input handler 240, where it is appropriately handled, before being passed on a link 241 to the memory 230.
- the memory 230 is accessed by the instruction processor 210 to process the enhanced protocol specification and store decoder instructions back in the memory 210.
- decoder instructions are then passed, via the output handler 220, where they may be appropriately handled, to a decoder 262. If necessary, the decoder instructions are passed via output 221 to a compiler 260, which translates the decoder instructions to a machine readable form for the decoder and then passes them from its output 261 to the decoder 262. Of course, if the instructions are generated in a form readable by the decoder, then the compiler is not necessary.
- the instruction processor 210 is used to analyse the enhanced protocol specification and determine which fields (or subfields) are required for an operation to be able to be executed. If a particular field is not required for an operation that is included in the enhanced protocol specification, then there is no need for that field to be decoded. Thus, the instruction processor looks at all the operations that are included within the enhanced protocol specification 250 and determines which fields and subfields are directly required for those operations and which fields and subfields are required in order to decode the directly required fields and subfields. The instruction processor then generates appropriate decoding instructions for the decoder so that the decoder only decodes those fields and subfields that are necessary to support the operations within the enhanced protocol specification.
- the decoding instructions generated by the instruction generator 200 thus include decoding commands and operations to be executed on data from decoded fields
- the output handler 220 may also be connected to display the decoding instructions and/or the enhanced protocol specification on a Graphical User Interface (GUI) (not shown) to enable a user to see the dependencies. From this a user could determine why a particular field was being decoded when, perhaps, it was not expected to be, by showing a chain of dependencies.
- GUI Graphical User Interface
- the instruction generator 200 can be implemented on a Unix machine, but it will be obvious to someone skilled in the art that it could be implemented in any other suitable manner.
- the instruction generator 200 operates offline and provides the decoding instructions to the decoder 262, which, once programmed with the decoding instructions, receives online the data packets to be decoded at an input 263 and provides an analysis of the decoded packets at an output 264.
- the protocol decoder can thus be specifically controlled for the particular operations that are required to be carried out. The decoder then only decodes those fields necessary for those operations. If different operations are needed to be carried out in parallel, then either a single decoder can be provided to carry a combined set of operations, or more than one decoder could be provided to carry out different sets of operations and decode those particular fields that are needed for those operations.
- the decoder can be reprogrammed with a fresh set of decoding instructions to carry out different operations. It will be appreciated that such a decoder is normally implemented as a module within specialised monitoring equipment, although it could be provided as a stand-alone piece of equipment.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Communication Control (AREA)
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0514646A GB2428497A (en) | 2005-07-18 | 2005-07-18 | Data Packet Decoding |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP1753202A1 true EP1753202A1 (fr) | 2007-02-14 |
Family
ID=34897345
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP06270070A Withdrawn EP1753202A1 (fr) | 2005-07-18 | 2006-07-14 | Décodage de paquets de données |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US7266131B2 (fr) |
| EP (1) | EP1753202A1 (fr) |
| GB (1) | GB2428497A (fr) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080309665A1 (en) * | 2007-06-13 | 2008-12-18 | 3D Systems, Inc., A California Corporation | Distributed rapid prototyping |
| US7839849B1 (en) * | 2008-09-25 | 2010-11-23 | Xilinx, Inc. | Formatting fields of communication packets |
| US9160688B2 (en) | 2009-06-30 | 2015-10-13 | Hewlett-Packard Development Company, L.P. | System and method for selective direct memory access |
| US8291058B2 (en) * | 2010-02-19 | 2012-10-16 | Intrusion, Inc. | High speed network data extractor |
| US9424257B1 (en) * | 2012-08-31 | 2016-08-23 | Keysight Technologies, Inc. | Compiler and operating system adapted for generating programs for decoding communication packets utilizing a protocol stack |
| US12101388B2 (en) | 2022-10-13 | 2024-09-24 | William Tegel | Universal binary specification model |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001001272A2 (fr) * | 1999-06-30 | 2001-01-04 | Apptitude, Inc. | Procede et appareil permettant de surveiller le trafic dans un reseau |
| US6356950B1 (en) * | 1999-01-11 | 2002-03-12 | Novilit, Inc. | Method for encoding and decoding data according to a protocol specification |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5189663A (en) * | 1989-08-15 | 1993-02-23 | C & P Of Virginia | Method of and system for remote testing and reporting of ISDN line conditions |
| JPH04336731A (ja) * | 1991-05-14 | 1992-11-24 | Nec Corp | プロトコルデータ生成解析装置 |
| US6535522B1 (en) * | 1997-10-01 | 2003-03-18 | Globespanvirata, Inc. | Multiple protocol interface and method for use in a communications system |
| US6278706B1 (en) * | 1998-04-03 | 2001-08-21 | Opuswave Networks, Inc. | Wireless packet data communication apparatus and method |
| US6963586B2 (en) * | 2001-08-21 | 2005-11-08 | Via Technologies, Inc. | Method and apparatus for general-purpose packet reception processing |
| WO2003060698A2 (fr) * | 2002-01-15 | 2003-07-24 | Chip Engines | Processeur de commande reconfigurable destine a un processeur multiprotocole a anneau optimise pour le mode paquet |
| JP4362261B2 (ja) * | 2002-01-17 | 2009-11-11 | 日本電気通信システム株式会社 | 音声符号制御方法 |
| AU2003251492A1 (en) * | 2002-06-11 | 2003-12-22 | Ashish A. Pandya | High performance ip processor for tcp/ip, rdma and ip storage applications |
| US7562156B2 (en) * | 2002-08-16 | 2009-07-14 | Symantec Operating Corporation | System and method for decoding communications between nodes of a cluster server |
| US20040122983A1 (en) * | 2002-12-18 | 2004-06-24 | Speed Robin C.B. | Deadline scheduling with buffering |
| JP4710321B2 (ja) * | 2004-02-02 | 2011-06-29 | ソニー株式会社 | 無線通信システム、無線通信装置及び無線通信方法、並びにコンピュータ・プログラム |
-
2005
- 2005-07-18 GB GB0514646A patent/GB2428497A/en not_active Withdrawn
-
2006
- 2006-07-14 US US11/486,915 patent/US7266131B2/en active Active
- 2006-07-14 EP EP06270070A patent/EP1753202A1/fr not_active Withdrawn
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6356950B1 (en) * | 1999-01-11 | 2002-03-12 | Novilit, Inc. | Method for encoding and decoding data according to a protocol specification |
| WO2001001272A2 (fr) * | 1999-06-30 | 2001-01-04 | Apptitude, Inc. | Procede et appareil permettant de surveiller le trafic dans un reseau |
Non-Patent Citations (2)
| Title |
|---|
| BROWNLEE THE UNIVERSITY OF AUCKLAND C MILLS GTE LABORATORIES N ET AL: "Traffic Flow Measurement: Architecture", IETF STANDARD, INTERNET ENGINEERING TASK FORCE, IETF, CH, October 1999 (1999-10-01), XP015008505, ISSN: 0000-0003 * |
| BROWNLEE THE UNIVERSITY OF AUCKLAND N: "SRL: A Language for Describing Traffic Flows and Specifying Actions for Flow Groups", IETF STANDARD, INTERNET ENGINEERING TASK FORCE, IETF, CH, October 1999 (1999-10-01), XP015008506, ISSN: 0000-0003 * |
Also Published As
| Publication number | Publication date |
|---|---|
| US7266131B2 (en) | 2007-09-04 |
| GB0514646D0 (en) | 2005-08-24 |
| GB2428497A (en) | 2007-01-31 |
| US20070013563A1 (en) | 2007-01-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12237986B2 (en) | Method and system for deep packet inspection in software defined networks | |
| US20070276952A1 (en) | Data packet decoding | |
| US9065770B2 (en) | Traffic item impairment emulation | |
| CN101563908B (zh) | 分析网络流的装置和方法 | |
| US7864707B2 (en) | Determination of network topology using flow-based traffic information | |
| JP4995310B2 (ja) | 送信先違いパケットの検出装置および検出方法 | |
| US9276851B1 (en) | Parser and modifier for processing network packets | |
| US6564265B2 (en) | Apparatus for encoding and decoding data according to a protocol specification | |
| WO2006063052A1 (fr) | Procede et appareil d'immunisation d'un reseau | |
| US11474823B2 (en) | Methods, systems, and computer readable media for on-demand, on-device compiling and use of programmable pipeline device profiles | |
| WO2011134739A1 (fr) | Procédé permettant de rechercher des séquences de message, moteur d'analyse de protocole et analyseur de protocole | |
| US7266131B2 (en) | Data packet decoding | |
| Ali et al. | Design and implementation of an embedded intrusion detection system for wireless applications | |
| EP2517410B1 (fr) | Support de suivi dans un routeur | |
| CN108647043A (zh) | 一种命令行输入的实现方法及系统 | |
| JP5696147B2 (ja) | データネットワーク上での複数のフローを備える通信セッションの管理 | |
| Zazo et al. | Automated synthesis of FPGA-based packet filters for 100 Gbps network monitoring applications | |
| Kuliamin et al. | Integration of functional and timed testing of real-time and concurrent systems | |
| Tian et al. | The next generation Internet protocol and its test | |
| US7839849B1 (en) | Formatting fields of communication packets | |
| CN102752171A (zh) | Ipsec协商测试方法 | |
| Gallego-Madrid et al. | Fast traffic processing in multi-tenant 5G environments: A comparative performance evaluation of P4 and eBPF technologies | |
| US20090028150A1 (en) | Protocol-Independent Packet Header Analysis | |
| Brzezinski | Towards Practical Passive Testing. | |
| Pap et al. | A bounded incremental test generation algorithm for finite state machines |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
| AX | Request for extension of the european patent |
Extension state: AL BA HR MK YU |
|
| 17P | Request for examination filed |
Effective date: 20070814 |
|
| 17Q | First examination report despatched |
Effective date: 20070913 |
|
| AKX | Designation fees paid |
Designated state(s): DE FR GB |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
| 18D | Application deemed to be withdrawn |
Effective date: 20080930 |